Bugzilla – Bug 782060
ntpq is very slow
Last modified: 2016-08-18 15:53:06 UTC
# time ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== 127.127.1.0 .LOCL. 10 l 54m 64 0 0.000 0.000 0.000 *5.9.55.149 130.133.1.10 2 u 162 256 377 4.528 0.075 1.051 -176.28.8.111 187.95.28.233 3 u 64 256 377 13.549 -11.302 1.331 +38.229.71.1 172.16.32.4 2 u 137 256 377 117.416 1.492 2.391 +199.167.198.163 128.4.1.1 2 u 141 256 377 94.616 -2.757 0.575 real 0m0.900s user 0m0.780s sys 0m0.088s strace -o /tmp/ntpq.strace ntpq -pn grep "Active Measurement Protocol" /tmp/ntpq.strace|wc -l 64 So for some reason it is reading /etc/services 64 times. while strace -o /tmp/getent.strace getent services ntp shows that it just reads the file once.
for comparison: on a debian/6.0.5(squeeze) system with ntp-4.2.6 it takes 0.003 s reading /etc/services 8 times and the file is only 20kB there instead of our 748kB
Created attachment 512792 [details] patch: don't ask for ntp service With help of Andreas Schwab I found this. I verified that this one-line patch speeds up ntpq -pn by a factor of 7. The alternative is to add hints.ai_socktype = SOCK_DGRAM; The underlying problem is that getaddrinfo will read /etc/services once for every possible protocol, if you don't specify either ai_socktype or ai_protocol and for protocols other than tcp and udp, it will read the big file until the very end. Also nscd is not configured to cache services.
btw: in SLE-11-SP2, nscd supports caching services by default and even without that, ntpq -pn is faster (approx factor 5) only reading the full /etc/services 4 times and the beginning (up to port 123) of it another 4 times
unscd doesn't appear to support services caching.
FYI, I opened https://build.opensuse.org/request/show/144377 which I tested on two different machines to give a speedup factor between 8 and 10.
For fun I tested in kvm my old SuSE-8.2 based LiveCD from http://lsmod.de/bootcd/bmwinux-8.2-040808.iso with glibc-2.3.2 and xntp-4.1.1 and even without nscd it took only 3ms - way faster than later versions. strace showed that it opened /etc/services exactly once.
filed upstream at http://bugs.ntp.org/show_bug.cgi?id=2320
This is an autogenerated message for OBS integration: This bug (782060) was mentioned in https://build.opensuse.org/request/show/148946 Factory / ntp
patch applied
I'll change this patch to use hints.ai_socktype = SOCK_DGRAM; as suggested in comment 2, because we're resolving for a UDP socket here, so we should specify that in the query. Setting the 2nd argument of getaddrinfo() to NULL asks for an arbitrary port rather than the port for NTP (123), and I wonder why this change hasn't broken anything (or it has and we just didn't notice). BTW, if reading /etc/services once is still too much, we can additionally change "ntp" to "123" and set the AI_NUMERICSRV flag, to disable name resolution on the service argument entirely, as it is already being done for the node argument.
(In reply to Reinhard Max from comment #10) > Setting the 2nd argument of getaddrinfo() to NULL asks for an arbitrary port > rather than the port for NTP (123), and I wonder why this change hasn't > broken anything (or it has and we just didn't notice). getaddrinfo(3) says about the 2nd argument > If service is NULL, then the port number > of the returned socket addresses will be left uninitialized. which is exactly what we want here, because we dont need the port number and would just throw away the value which we looked up in /etc/services (unless the surrounding code changed a lot) Though doing one lookup per IP for UDP would still be a lot better than the original 10 or so lookups
SUSE-SU-2016:1175-1: An update that solves 12 vulnerabilities and has 8 fixes is now available. Category: security (important) Bug References: 782060,784760,916617,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981 CVE References: CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): ntp-4.2.8p6-8.2 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ntp-4.2.8p6-8.2
SUSE-SU-2016:1177-1: An update that solves 12 vulnerabilities and has 8 fixes is now available. Category: security (important) Bug References: 782060,916617,937837,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981 CVE References: CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): yast2-ntp-client-3.1.22-6.2 SUSE Linux Enterprise Server 12-SP1 (src): ntp-4.2.8p6-8.2, yast2-ntp-client-3.1.22-6.2 SUSE Linux Enterprise Desktop 12-SP1 (src): ntp-4.2.8p6-8.2, yast2-ntp-client-3.1.22-6.2
SUSE-SU-2016:1247-1: An update that solves 28 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 782060,905885,910063,916617,920238,926510,936327,937837,942587,944300,946386,951559,951608,951629,954982,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981 CVE References: CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): yast2-ntp-client-3.1.12.4-8.2 SUSE Linux Enterprise Server 12 (src): ntp-4.2.8p6-46.5.2, yast2-ntp-client-3.1.12.4-8.2 SUSE Linux Enterprise Desktop 12 (src): ntp-4.2.8p6-46.5.2, yast2-ntp-client-3.1.12.4-8.2
openSUSE-SU-2016:1292-1: An update that solves 12 vulnerabilities and has 8 fixes is now available. Category: security (important) Bug References: 782060,916617,937837,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981 CVE References: CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158 Sources used: openSUSE Leap 42.1 (src): ntp-4.2.8p6-15.1, yast2-ntp-client-3.1.22-6.1
SUSE-SU-2016:1311-1: An update that solves 30 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 782060,784760,905885,910063,916617,920183,920238,926510,936327,937837,942441,942587,943216,943218,944300,946386,951351,951559,951608,951629,954982,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981 CVE References: CVE-2015-5194,CVE-2015-5219,CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158 Sources used: SUSE OpenStack Cloud 5 (src): ntp-4.2.8p6-41.1 SUSE Manager Proxy 2.1 (src): ntp-4.2.8p6-41.1 SUSE Manager 2.1 (src): ntp-4.2.8p6-41.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): ntp-4.2.8p6-41.1 SUSE Linux Enterprise Server 11-SP2-LTSS (src): ntp-4.2.8p6-41.1, yast2-ntp-client-2.17.14.1-1.12.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): ntp-4.2.8p6-41.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): ntp-4.2.8p6-41.1
This is an autogenerated message for OBS integration: This bug (782060) was mentioned in https://build.opensuse.org/request/show/396591 13.2 / ntp
openSUSE-SU-2016:1423-1: An update that fixes 37 vulnerabilities is now available. Category: security (moderate) Bug References: 782060,905885,910063,916617,920238,926510,936327,942587,944300,946386,951559,951608,951629,954982,956773,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464 CVE References: CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519 Sources used: openSUSE 13.2 (src): ntp-4.2.8p7-25.15.1
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2016-06-21. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62822
SUSE-SU-2016:1912-1: An update that solves 43 vulnerabilities and has 9 fixes is now available. Category: security (important) Bug References: 782060,784760,905885,910063,916617,920183,920238,920893,920895,920905,924202,926510,936327,943218,943221,944300,951351,951559,951629,952611,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977450,977451,977452,977455,977457,977458,977459,977461,977464,979302,981422,982056,982064,982065,982066,982067,982068,988417,988558,988565 CVE References: CVE-2015-1798,CVE-2015-1799,CVE-2015-5194,CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519,CVE-2016-4953,CVE-2016-4954,CVE-2016-4955,CVE-2016-4956,CVE-2016-4957 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): ntp-4.2.8p8-0.7.1